The military and commercial organizations have heretofore relied on stringent access control methods for insuring that sensitive data did not find its way to those that did not have a formal need-to-know. Traditionally, the military has relied on a brand of products that the National Security Agency has tested and placed on the Evaluated Products List. These products provide discretionary and mandatory access control (DAC/MAC) of all data objects through the use of sensitivity labels. While providing a high degree of protection against unauthorized disclosures, these products severely restrict the number and type of applications that can be hosted. Additionally, these products are difficult to configure, manage and are more costly than standard commercial off the shelf (COTS) hardware and software components. As the military follows industry trends towards a web-centric based information environment; the ability of products from the evaluated products list to support the latest authoring technologies will be limited at best. Extensive development by software engineers specially trained in the trusted code generation and testing would be required to move toward a web-centric environment.
Most attempts at providing compartmentalized web-centric based information technology services has revolved around the use of trusted database management systems (DBMS), evaluated by the National Security Agency to provide compartmentalized or need-to-know security services. These DBMSs serve the repository for web-content. Customized middle-ware applications are used to query the DBMS and retrieve the appropriate material. This methodology strictly limits individuals to only that content for which they have a valid need-to-know. However, development and maintenance cost to generate the required middle-ware applications is high. Additionally, without exhaustive testing of this developed software, the high degree of security derived from using trusted products is impacted and results in a possibly significant increase in residual risk.